This concerns you if you have websites and apps that collect personal data and are used by people living in the European Union, or if you use hosting companies that are based in the EU. Websites and European-based hosting companies must be GDPR-compliant by 25 May 2018.

The GDPR requires that when a user signs up for a free or paid service, for an app or website, and provides their personal data, the provider of the service has to notify them explicitly how their personal data will be used before they complete the registration. Whether that use is for marketing and profiling, or if there is a possibility of the data to be subject of sale or transfer to third-parties, it has to be explicitly stated in advance. Users will be able to say NO to certain types of usage and will have to give consent – opt in – to the Terms of Service and Privacy Policy of the provider, thus making an informed choice.…

The GDPR will regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is – being literally everything – name, e-mail, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.

SiteGround, from "How is SiteGround Getting Ready for the GDPR?"

Is Your Hosting Company in the U.S. but Based in the EU?

If you are using a U.S. entity of an EU-based hosting company, check their operating procedures for how EU data is handled. You may have apps or websites that ask for EU clients' data. That data may be transferred to and processed by the U.S. entity. For example, the Society for Technical Communication (STC), Washington, DC – Baltimore (WDCB) chapter's website is hosted in the SiteGround U.S. data center, and we have EU users who register for competitions or mentoring, or subscribe to website posts.

How is SiteGround Handling This?

In accordance with the GDPR, SiteGround, like other hosting companies with similar setups, needs to ensure that the U.S. entity offers the same level of protection for EU data as guaranteed in the GDPR, even though it is subject to U.S. jurisdiction. SiteGround will regulate this through Standard Contractual Clauses*, which will be included in all contracts between U.S. and EU entities to guarantee the transfer of data is compliant with the GDPR requirements.

They are also working on a certification under the EU-US and Swiss-US Privacy Shield with the Department of Commerce that they adhere to the Privacy Shield Principles regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively, so they can lawfully host EU clients' data on their U.S. servers when that is needed.

Informational Webinar

Two weeks ago, SiteGround held a free webinar in the EU attended by over 6000 people interested in how the new piece of legislation affects them. The following materials are available to help those who could not attend the webinar get a better understanding of this new regulation.

Free Live Webinar Video: "What is GDPR?"

SiteGround's Senior Legal Advisor, Maya Stoyanova, spoke about the new regulation and answered live questions from the audience. They received a lot of interesting questions. You may watch the recording of the webinar and read the answers to the most popular questions at https://www.siteground.com/blog/what-is-gdpr-webinar/.